DSAR Guide (Export & Deletion Requests)

How to respond when a visitor requests access to or deletion of their data.

Not legal advice

DSAR obligations and timelines vary by jurisdiction (GDPR, UK GDPR, CCPA/CPRA, etc.). Use this as an operational guide and confirm requirements with counsel.

What to Ask For

  • Proof that the requester is the data subject (identity verification)
  • Enough information to locate their data (time window, device, order number, etc.)

What Zolvio Can Provide

  • Session recordings (where available and within retention)
  • Aggregated analytics and experiment event logs (where applicable)
  • Deletion of stored data (subject to retention rules and legal holds)

Retention Matters

If the requested data is older than your retention period, it may already be deleted. See Data Retention Policy.

Operational Steps

  1. Log the request and confirm timeline requirements for your jurisdiction
  2. Verify identity
  3. Locate data within the retention window
  4. Export or delete as requested
  5. Confirm completion to the requester